Security Tools
Explore the best new Security tools and products curated by the community.
Organizations secure buildings, networks, and data. The digital influence reaching people inside their physical locations is uncontrolled. RevFirma creates a digital perimeter that allows organizations to control the digital influence surrounding their property. We first tested the system in Carlton Landing, Oklahoma, absorbing 146,000+ external ad impressions targeting people inside the community. Every physical place has digital influence. RevFirma gives owners control of it.
LaunchSafe delivers agentic pentesting in a few clicks. Our AI agents actively try to hack your app across code and live environments to uncover real vulnerabilities. Unlike $10K+ pentests that take weeks or scanners that produce false positives, LaunchSafe proves exploits in ~3 hours with OWASP Top 10 coverage. Issues are verified by certified cybersecurity engineers, and our Fix Plan can automatically submit PRs to resolve them. Built for startups and teams that ship fast.
An application security agent that helps you secure your codebase by finding vulnerabilities, validating them, and proposing fixes you can review and patch. Now, teams can focus on the vulnerabilities that matter and ship code faster.
Govern and secure AI agents and MCP servers with centralized visibility, policy control, and audit trails. Security, compliance, and control for the agentic era.
Sequirly warns you before you share sensitive data with AI tools, keeping your privacy and security intact. It scans prompts and document uploads in real time, detecting API keys, credentials, and personal information before they reach Claude, ChatGPT, Gemini, or any AI tool. All scanning happens locally in your browser.
Musical Authentication uses a musical key instead of a password for authentication.
Your security tools generate thousands of alerts a day. How many actually get investigated? Flarehawk does it for you. Real-time threat detection, automated investigation, and one-click fixes. Our ML engine builds a model unique to your environment and gets smarter every day. 5-year log retention, SSO, Slack integration, all built-in. Starting with Cloudflare Enterprise. Now in open beta.
Koidex helps you answer one question fast: "Is this safe to install?" Search extensions, code packages, and AI models across VS Code, JetBrains, npm, and Hugging Face. You can also install the Koidex IDE extension for real-time background scanning in Cursor and Windsurf. Free, no setup.
I got frustrated with password managers that feel like enterprise software. So I built the one I actually wanted. Lemonade keeps passwords, env files and API keys in one AES-256-GCM encrypted vault. TOTP, Passkeys, Emergency Access, Secure Notes, Chrome & Firefox extensions. No desktop app — it's a PWA. Free for 15 passwords, $2.99/mo unlimited. The Env Vault is the differentiator: drop your project folder and Lemonade detects env files, credentials — everything you can't commit to git.
Keychains.dev is a secure credential proxy for AI agents. Use "keychains curl" as a drop-in for curl — just replace hard-coded credentials with template variables like {{GITHUB_TOKEN}}. Keychains injects real credentials server-side. Your agent never sees raw secrets — immune to prompt injection by design. Users approve each permission with one click and can revoke access anytime. Full audit trail. Works with 11,000+ API providers (OAuth, API keys, basic auth).
The first security-scored directory for AI skills. Scan GitHub/GitLab repos with SKILL.md files through 4-layer security analysis: manifest, static code, dependency, and LLM behavioral checks. Get 0-100 trust scores, real-time vulnerability detection, and security badges. 8,890+ skills scanned, 6,300+ findings identified. Part of The Red Council security suite. Discover trusted AI capabilities or validate your own.
Build agents, automations, apps, and integrations in seconds. Tines offers a secure, trusted, vendor-agnostic platform to build, run, and monitor all your workflows.
0xAudit is the first security audit platform built for autonomous AI agents. Your agent can scan its own infrastructure via MCP protocol, get auto-fix code diffs, and verify remediation — no human needed. 82+ vulnerabilities found across production platforms. Pay per scan with USDC on Base. Free open-source scanner included.
OpenClaw agents have full system access. One malicious skill could steal your data or API keys. SClawHub scans every skill for security issues and gives you a trust score (0-100) before you install. Free, transparent, open methodology.
Alive is a lightweight safety status tool for people living alone. Unlike location/social tracking, it’s almost invisible: set a check-in timer and tap once daily; if time runs out or check-ins are missed, it auto emails tiered alerts to your emergency contacts. It’s instant to start (no sign-up), no location, minimal permissions, no irrelevant data. Contacts and logs are encrypted. Customize period, grace, reminder cadence, and quiet hours. Silent when you’re fine, loud when you’re not.
PicKey’s AI uses your favorite picture along with a 3D character to create an exceptionally strong Master Password. You no longer need to type or remember any text passwords. PicKey, being a visual password manager, blends absolute security with effortless usability.
Transcodes is an Authentication-as-a-Service platform for passkey-first, passwordless login and MFA. Users can sign in with passkeys, TOTP, or hardware authenticators (e.g., YubiKey via USB/NFC). It supports phishing-resistant authentication, admin MFA, and DPoP-bound access tokens without refresh tokens. Built for startups and small businesses, Transcodes works without requiring clients to integrate their own backend.
API Radar turns leaked API keys into a searchable threat feed for your own org. This new version rebuilds the core engine so it continuously discovers exposed keys in public GitHub, then lets you slice them by provider, repo, file path, and time to see exactly what’s out and where. Instead of digging through noisy scanners or random alerts, you get a focused view of real leaked credentials you can revoke and rotate fast.
I’ve seen many Supabase apps accidentally expose PII, PCI, or hardcoded keys. It’s easy to miss and expensive to fix. So I built Supaguard — it scans your app in minutes and shows exactly what’s exposed. • No setup, just connect • Detects PII, PCI & API keys • Instant alerts Launch offer: 2 free scans + 35% New Year discount 👉 supaguard.pro Feedback welcome — built to help devs stay safe without headaches.
JavaScript virtualization that compiles your code into proprietary bytecode running inside a custom VM - regenerated uniquely for every build.